[33065] in Kerberos
Re: Clearing credentials question
daemon@ATHENA.MIT.EDU (Garrett Wollman)
Fri Jan 7 10:04:21 2011
From: wollman@bimajority.org (Garrett Wollman)
Date: Fri, 7 Jan 2011 04:53:06 +0000 (UTC)
Message-ID: <ig667i$6as$1@grapevine.csail.mit.edu>
X-Complaints-To: security@csail.mit.edu
To: kerberos@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
In article <mailman.540.1294370431.20243.kerberos@mit.edu>,
Russ Allbery <rra@stanford.edu> wrote:
>memset(&creds, 0, sizeof(creds));
>
>You need to zero the whole thing, not just a few fields, to be sure that
>you've caught any stray fields that may make the library think that
>there's allocated data to clear.
ObPedant:
Well, technically, Standard C says you're supposed to:
static const krb5_creds zero_initialized_creds;
krb5_creds creds = zero_initialized_creds;
Nobody ever does this. Depending on how krb5_creds is declared, you
could also do:
krb5_creds creds = { .name_of_some_scalar_member = 0 };
Again, nobody ever does this, to the extent that no processor
architecture for which they are different is likely ever to be
produced again. (Certainly MIT Kerberos would never run on such an
architecture.)
Kerberos developers could follow the example of POSIX threads and
provide a manifest constant so that clients could do:
krb5_creds creds = KRB5_CREDS_INITIALIZER;
...to give some additional clarity. A good compiler will optimize
this initializer (which in C99 but not C89/C90 could be made a real
rvalue) into the memset call, whereas it may not be able to do the
same for the zero_initialized_creds version.
-GAWollman
--
Garrett A. Wollman | What intellectual phenomenon can be older, or more oft
wollman@bimajority.org| repeated, than the story of a large research program
Opinions not shared by| that impaled itself upon a false central assumption
my employers. | accepted by all practitioners? - S.J. Gould, 1993
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
